A new report from analytics firm Pixalate finds that over 813,000 apps have been removed from the Apple App Store and Google Play in the first half of 2021. There are certain common themes among these removed apps, the biggest of which is that the vast majority (86%) were targeting children.
The Apple App Store had a distinct problem with a lack of privacy policies (59%), despite the platform’s recent mandatory privacy changes. Google Play’s area of focus was dangerous permissions (66%) that could potentially skim personal information or locally saved data from user devices.
Apple App Store and Google Play removed apps for child targeting, lack of terms of service
Pixalate’s study does not track the specific reason given by the Apple App Store or Google Play for the removal (something that is not always made available to the public). It instead examines the removed apps for indicators that are likely to have raised a red flag with either app store.
A preponderance of these warning signs is a strong indication that Apple and Google are policing for them, however. The headline item is that child safety is in the crosshairs of both companies, with 86% of all of the removed apps across both platforms found to be targeting users age 12 and under. An even more common issue is a lack of a privacy policy; 94% of the removed apps did not have one, though the Apple App Store now requires it.
Each of the app stores had their own unique issues as well. Failure to include a privacy policy and/or adequate terms of service was, surprisingly, much more common among the Apple App Store’s removed apps (59% to Google Play’s 25%). This is a bit of an unexpected result given Apple’s heavy push for user privacy as of the iOS 14 update series, something it has leaned so hard into that it has alienated a good deal of its advertising business.
Jay Seirmarco, SVP of Operations and Legal Affairs for Pixalate, addressed how apps are still managing to list while lacking key required elements like a privacy policy: “Apple requires all apps in the App Store to have a privacy policy as of October 2018. Our data shows that apps with no privacy policy are at a higher risk of being delisted from the Apple App Store, but many apps without a privacy policy still remain — 16% of apps in the first half of 2021 in the App Store do not appear to have a privacy policy, according to Pixalate’s estimates. Google, Apple’s biggest competitor in the app ecosystem, still does not require privacy policies for apps on the Google Play Store. The requirement is not coming to Google’s app store until April 2022.”
Android apps more likely to have dangerous permissions
On the other hand, Android apps were more likely to have at least one dangerous permission: 66% of Google Play’s removed apps, to a mere 8% on the Apple App Store. The study defines “dangerous permissions” as a list of 30 functions that are very prone to abuse: these include writing to external storage automatically, initiating a phone call without going through the dialer, recording audio, and reading from/writing to the contacts list.
The removed apps were not all rinky-dink software downloaded by only a few unfortunate souls. The study documented about 20,000 apps that had at least 100,000 user downloads prior to de-listing. In total, the removed apps were downloaded 9.2 billion times in the first half of this year. Additionally, they collectively had about 21.8 million user ratings prior to removal. Delisted apps in Asia tended to have the best ratings prior to being removed: China, Singapore, Hong Kong and South Korea were the top four countries in rating removed apps highly prior to their disappearance, and Japan and Taiwan were also in the top 10.
While the two platforms had an equal frequency of missing terms of service (94% in both cases), and the Apple App Store was much more prone to be lacking in a privacy policy, sketchy Google Play apps were much more likely to list a questionable non-corporate email address (69% vs 8%). This may be attributable to stronger screening and oversight in the Apple App Store initial approval process.
Apps are not necessarily required to list a country of registration, and the removed apps took full advantage – 74% did not bother listing an address. Of the relative few that did, the majority were in the US (6%) or India (4%). There was a fairly wide distribution across the rest of the world with no single country cracking 1%.
The US was also the leader in removed apps with dangerous permissions, at 74%. Some other countries were very close: the UK, India and South Korea were all over 70%. 25% of the delisted apps in the US had access to the camera. Microphone access was most common in South Korea (15%), but the US and China were not far behind (13%).
The most popular Google Play apps among the delisted came from Google themselves: Cloud Print (1 billion downloads), Google Japanese Input and Google PDF Viewer (100 million each). This does not necessarily mean that these apps were compromising devices; the most likely explanation is that they were flagged for having at least one questionable permission. Cloud Print was scuttled by Google in January as it was primarily used for printing on Chrome devices, which gained native printing ability at the beginning of the year. PDF Viewer was also deprecated after Chrome was given that functionality.
The most popular of the delisted Apple App Store apps mostly came from China and none came from Apple themselves, but popular game manufacturer Zynga’s “Word Streak With Friends” made the top 10.
